(and again, if network
is idle users should get more bandwidth.)
Again, delay pools do not really allow for this.
You'd have to look into a fair queuing algorithm for your
firewall to do this properly.
Delay Pools and Firewall is just a traffic shaping
not a Bandwidth Management System
Hi all,
I'm configuring a squid 3 proxy and I want, to deny access to all
unwanted browsers but that is not working.
here are my current acl :
acl all_src src 0.0.0.0/0.0.0.0
acl nodst url_regex ^.*sex.*$
Hi.
I'm configuring Squid and Squidguard with NTLM authentication on a
Samba PDC server which is on the same Squid server.
When tha tuahtnetication works, how I can set some rules based on the
Windows groups the users belong to?
Has these rules to be setted on the Squid configuration or on the
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
Hi all,
I'm configuring a squid 3 proxy and I want, to deny access to all
unwanted browsers but that is not working.
here are my current acl :
You REALLY need to read on regular expressions
acl nodst url_regex ^.*sex.*$ ^.*porn.*$
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
acl checkua browser -i ^.*Mozilla/.*$ ^Keyvelop$ ^ClamWin/.*$
http_access deny !checkua
...
In case I'm using MSIE, I shouldn't have my access granted, but I have,
and getloggeduser.sh generate a log line.
what's wrong ?
What useragent
Ok, thanks, I'll try and tell you
Ralf Hildebrandt a écrit :
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
Hi all,
I'm configuring a squid 3 proxy and I want, to deny access to all
unwanted browsers but that is not working.
here are my current acl :
You REALLY need to read on regular
ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard and
dansguardian)
browser filtering doesn't work at all
external_acl works fine
I don't understand what I'm doing wrong with User-agent filtering
something strange I wrote a script that I called with an
Hi all,
I'm trying to block MAC address with this ACL:
acl banned_MAC arp 00:1a:73:ff:fa:9a
http_access deny banned_MAC
...and restarting squid3 gives me this error:
2009/06/24 10:34:52| Reconfiguring Squid Cache (version 3.0.STABLE1)...
2009/06/24 10:34:52| FD 12 Closing HTTP connection
2009/6/24 Dayo Adewunmi contactd...@gmail.com:
Hi all,
I'm trying to block MAC address with this ACL:
Is there something else that needs to be included for 'arp' to become a
valid ACL type?
Have you enabled arp ACL when configure Squid?
from squid.conf:
# # The arp ACL requires
Hi everybody!!
I´m working with squid 3.0 R15 with ntlm-auth + squidGuard 1.4
I´ve a doubt, all we know that when working with ntlm-auth with Active
Directory there is a problem for the authentication of the Sun Java
VM. Setting an acl browser Java/1.X and giving free access to this
group is a
It seems to be ok, have you configure squid with --enable-arp-acl?
acl aclname arp mac-address ... (xx:xx:xx:xx:xx:xx notation)
# The arp ACL requires the special configure option --enable-arp-acl.
# Furthermore, the ARP ACL code is not portable to all operating
systems.
Hi Dayo,
you have to recompile squid for this with the additional configure option
'--enable-arp-acl'.
There are some other constraints, read through the documention (for
example the config file).
snip from config file version 3.0.STABLE15
# acl aclname arp mac-address ...
Ralf Hildebrandt a écrit :
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
acl checkua browser -i ^.*Mozilla/.*$ ^Keyvelop$ ^ClamWin/.*$
http_access deny !checkua
...
In case I'm using MSIE, I shouldn't have my access granted, but I have,
and getloggeduser.sh generate a log line.
On squidGuard you can also set if you want a AD group not to apply the
squidguard rules, for example a privilege group sould be something like:
src privilegio
{
ldapusersearch
I think that it should work with your Samba PDC server if it is
running ok, but I use a W'2003 and the config is made for that, just
try...
Also take care about smb.conf
I use squidGuard because it was installed when I take over this in my
company, but I've heard Dansguardian is a very good
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard and
dansguardian)
browser filtering doesn't work at all
external_acl works fine
I don't understand what I'm doing wrong with User-agent filtering
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
Here it uses:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0; .NET CLR 1.1.4322; .NET
CLR 2.0.50727; .NET CLR 3.0.04506.30)
which matches
^.*Mozilla/.*$ (or shorter : Mozilla/)
MSIE is using something including MSIE, but in fact I
Ralf Hildebrandt a écrit :
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard and
dansguardian)
browser filtering doesn't work at all
external_acl works fine
I don't understand what I'm doing wrong
Erwann PENCREACH wrote:
Ralf Hildebrandt a écrit :
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard
and dansguardian)
browser filtering doesn't work at all
external_acl works fine
I don't
martin.pichlma...@continental-corporation.com wrote:
Hi Dayo,
you have to recompile squid for this with the additional configure option
'--enable-arp-acl'.
There are some other constraints, read through the documention (for
example the config file).
snip from config file version
=/usr/local/httpd/htdocs/squint
r...@nsa:/usr/local/bin# squint.cron.sh daily
Generating report to /usr/local/httpd/htdocs/squint/all/daily from 20090622 to
20090624
main::writeusersitereports() called too early to check prototype at
/usr/local/bin/squint.pl line 247.
main::writeusersitereports
I installed squid3 on ubuntu with apt. How would I go about enabling arp
ACL with this?
Jeff Pang wrote:
2009/6/24 Dayo Adewunmi contactd...@gmail.com:
Hi all,
I'm trying to block MAC address with this ACL:
Is there something else that needs to be included for 'arp' to become a
valid ACL
Amos Jeffries a écrit :
Erwann PENCREACH wrote:
Ralf Hildebrandt a écrit :
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
ok, I made changes
nodst and contenttype acl works fine (I'll look later for squidguard
and dansguardian)
browser filtering doesn't work at all
external_acl
hi Gontzal,
i think you`re looking for cache_peer configuration.
like this:
cache_peer 127.0.0.1 parent 8081 3030 no-query proxy-only (connection-auth=on)
acl java_browser ...
acl java_filetypes ...
never_direct allow java_browser
http_access deny java_filetypes !java_browser
On 24.06.2009, Dayo Adewunmi wrote:
I installed squid3 on ubuntu with apt. How would I go about enabling
arp ACL with this?
You'll have to recompile the source, or someone who'll get this done for
you. Maybe you're lucky and find someone who already did.
hi Everybody!
i have a problem with authentication helper squid_kerb_auth.
It's consuming too much CPU. 15 min Load average from the squid server is about
5, 5 min average peaks upto 13, see top output
top - 13:48:13 up 15:45, 5 users, load average: 8.23, 6.21, 4.85
Tasks: 175 total, 2
It would be really great if you could do that.
Thank you,
Alex
-Original Message-
From: Ritter, Nicholas [mailto:nicholas.rit...@americantv.com]
Sent: Tuesday, June 23, 2009 8:25 PM
To: Alexandre DeAraujo
Cc: squid-users
Subject: RE: [squid-users] TPROXY and wiki article working
Hi,
TBH I haven't had yet a chance to do performance testing of my helper.
What you are seeing is the Kerberos replay protection cache. HTTP is the
part of the service principal and 501 is the uid of the process. Depending
on the request/sec it can be quite a bit as each request will be
Could you add the following to your squid startup script ?
export KRB5RCACHETYPE=none
This should disable the cache and I don't think it is a big security risk.
Could you report back if this improves the CPU load ?
Thank you very much
Markus
Markus Moeller hua...@moeller.plus.com wrote in
BTW What is your request/sec rate so that I can judge better if it is a
general low, medium or high squid load ?
Thank you
Markus
J.J. jayjay...@gmx.de wrote in message
news:20090624140826.52...@gmx.net...
hi Everybody!
i have a problem with authentication helper squid_kerb_auth.
It's
On Mon, 2009-07-20 at 02:56 +0200, Mark Lodge wrote:
My current setup is:
Squid Proxy Server-
Client PC--- ADSL Router --- Internet
Client PC---
Client PC---
I want the Client PC to use the Squid Proxy Server for
On Wed, 24 Jun 2009 16:14:23 +0200, Heinz Diehl h...@fancy-poultry.org
wrote:
On 24.06.2009, Dayo Adewunmi wrote:
I installed squid3 on ubuntu with apt. How would I go about enabling
arp ACL with this?
You'll have to recompile the source, or someone who'll get this done for
you. Maybe
Thanks.
Does this configuration make squid cache and serve the files past their max
age if the parent is down, and get it from the parent if the parent is up?
E
-Original Message-
From: Amos Jeffries [mailto:squ...@treenet.co.nz]
Sent: Monday, June 22, 2009 6:50 PM
To: Myles Merrell
Cc:
On Wed, 24 Jun 2009 15:43:07 +0200, Erwann PENCREACH
erwann.pencre...@ch-chaumont.fr wrote:
Amos Jeffries a écrit :
Erwann PENCREACH wrote:
Ralf Hildebrandt a écrit :
* Erwann PENCREACH erwann.pencre...@ch-chaumont.fr:
ok, I made changes
nodst and contenttype acl works fine (I'll look later
On Wed, 24 Jun 2009 19:25:58 -0700, Elli Albek e...@sustainlane.com
wrote:
Thanks.
Does this configuration make squid cache and serve the files past their
max
age if the parent is down, and get it from the parent if the parent is
up?
The monitor config closes the small window where squid may
is read from LOGDIR=/var/log/squid3/Old
Output is written to BASEDIR=/usr/local/httpd/htdocs/squint
r...@nsa:/usr/local/bin# squint.cron.sh daily
Generating report to /usr/local/httpd/htdocs/squint/all/daily from
20090622
to 20090624
main::writeusersitereports() called too early to check
36 matches
Mail list logo